5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
7.2 High
AI Score
Confidence
High
0.022 Low
EPSS
Percentile
89.5%
Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote attackers to include arbitrary files and execute commands by (1) injecting code into local log files via GET commands, then (2) accessing that log via a … (dot dot) sequence and a trailing null (%00) byte in the skin2 COOKIE parameter.
CPE | Name | Operator | Version |
---|---|---|---|
duda:webalbum | duda webalbum | le | 2.02 |